Changes to our policies (updated)

Hi Dropboxers,

Today we revised our Terms of Service, Privacy Policy and Security Overview. We’re in the process of emailing every user to let you know about these changes. These updates are meant to make all our policies clearer and more transparent to you.

So what did we change?

First, we’ve made all three of these docs easier to read and understand. We worked hard to eliminate as much “legalese” as possible. We actually want you to read them!

Second, we’ve tried to make them better reflect a few important beliefs we have as a company by adding more detail on privacy and security. The trust placed in us by millions of people to keep their valuable data safe is the most important asset we have. Security is a responsibility we take very seriously and a topic we want users to understand. We also want users to understand that information about how people use Dropbox is really important to helping us build a better product. So, we believe you should know what data we collect and store, and we want to be upfront and honest about how we use it.

Here are a few changes we wanted to call out specifically:

1.) Encryption keys – Dropbox manages encryption keys for you. The reason is many of the most popular Dropbox features — like accessing your files from the website, creating file previews, and sharing files with other people — would either be impossible or would be much more cumbersome for users without this capability. But we’re also ok if you want to manage your own encryption by using products like TrueCrypt with Dropbox. We’ve discussed this publicly in the past, but we added this information to our security overview so it’s easy to find.

2.) Data practices – People love Dropbox because it lets them take their life’s work everywhere. And we want you to be in control of that work, including your decisions to delete it. So we added a section to our privacy policy to describe our data retention policies. If you delete your account, we try to delete your data quickly, but there are some rare cases where we can’t, which are outlined in the privacy policy.

3.) Location & log data – Data on how people use Dropbox helps us create a better user experience. We want to be clear about how we collect and use that data, so we’ve explained it in our privacy policy. For example, we collect information such as your country, operating system and the hardware ID from your device. This data allows us to optimize your experience for your device and language.

4.) De-duplication – We’re always working to make Dropbox more efficient. For example, we may de-duplicate files, which means we store only one copy of files or pieces of files that are the same. This has been discussed for a long time in our forums, in interviews and in response to user emails, but we want to spell it out further for you and have added it to our privacy policy.

5.) Mobile encryption – Your life should be as secure on the go as it is at your desk, so our goal is to encrypt all data transmitted to our mobile apps. For example, we’ve rolled out updates to our mobile apps last month that encrypt metadata during transmission. Not every mobile media player supports encrypted streams though, so we’ve changed our security overview to reflect that.

We’ve tried to present these three docs in plain language and hope that our edits have made them easier to read and understand. Please send us your feedback. All of us at Dropbox appreciate the trust you place in us.

We’ll continue to provide updates as we work to improve Dropbox.

[Update – 7/2] – We asked for your feedback and we’ve been listening. As a result, we’ve clarified our language on licensing:

You retain ownership to your stuff. You are also solely responsible for your conduct, the content of your files and folders, and your communications with others while using the Services.

We sometimes need your permission to do what you ask us to do with your stuff (for example, hosting, making public, or sharing your files). By submitting your stuff to the Services, you grant us (and those we work with to provide the Services) worldwide, non-exclusive, royalty-free, sublicenseable rights to use, copy, distribute, prepare derivative works (such as translations or format conversions) of, perform, or publicly display that stuff to the extent reasonably necessary for the Service. This license is solely to enable us to technically administer, display, and operate the Services. You must ensure you have the rights you need to grant us that permission.

[Update 2 – 7/2] – An update based on your feedback:

One of the main reasons we updated our terms of service was to make them easier to read and understand. It seems we’ve mostly accomplished that, which we’re thrilled about.

Some of you have written us with very understandable concerns about the legal-sounding parts. In particular, our new TOS talks about the licenses we need to run Dropbox. We want to be 100% clear that you own what you put in your Dropbox. We don’t own your stuff. And the license you give us is really limited. It only allows us to provide the service to you. Nothing else.

We think it’s really important that you understand the license. It’s about the permissions you give us to run the service, things like creating public links when you ask us to, allowing you to collaborate with colleagues in shared folders, generating web previews or thumbnails of your files, encrypting files, creating backups… the basic things that make Dropbox safe and easy to use. Services like Google Docs and others do the same thing when they get these permissions (see, for example, section 11.1 of Google’s TOS).

We wish we didn’t have to use legal terms at all, but copyright law is complicated and if we don’t get these permissions in writing, we might be putting ourselves in a tough spot down the road. Not to bore you with the details, but please take a look at the license term in the TOS. We think it’s fair and strikes the right balance: “This license is solely to enable us to technically administer, display, and operate the Services.”

We want to thank everybody who wrote in, understanding your concerns helps us make Dropbox better.

Drew & Arash